Tuesday, October 26, 2010

Arnprior voting extended by 24 hours due to technical issues

Many, many stories about this yesterday and today. Not just Arnprior was affected, but it's the only one that took the extraordinary step of extending voting by 24 hours. Other municipalities extended voting by an hour.

This is a serious voting system failure. I think "glitch" is a bit of an understatement. First you hand your voting system over to a private company, and then it doesn't work? That's a surrender followed by a failure, not a glitch.

Incidentally "we are just too popular a service" is not an explanation, it's an excuse.
If your system doesn't work, that is a technology planning failure. If the obvious visible parts of the system don't work, how much should we trust the parts of the system that we can't see?

It's interesting to compare this result with the glowing pre-election news stories about how wonderful this would all be.

Kemptville EMC News - North Grenville begins electronic voting Oct. 18 - October 14, 2010

According to director of corporate services/clerk Cahl Pominville, residents shouldn't be afraid of the process, noting that if "you can order from Sears over the phone, you can use electronic voting." ...

"It's not a big scary monster," he says of electronic voting, which will be handled by Intelivote Systems Inc. in eastern Canada. "It's been done by thousands and thousands of people in eastern Ontario in previous elections."


Pominville stressed that residents using the Internet voting method needn't be concerned about the security issues of the website they are being asked to visit.

"Residents will be connecting to a website in a very large, secure room in Nova Scotia," he explained. "It's a disaster-proof building that houses this kind of stuff."

Apparently it is not voting-day Internet-traffic-proof, sadly.
Incidentally, there is no difference between high real traffic and a denial of service attack - presumably a botnet could just as easily have shut this site out.
There's so much to mock about the tone and unseriousness of this article - it totally misses the point about Internet voting. The issue is not whether it's easy to click a website button or the server room is hurricane-proof. The issue is whether YOUR VOTE IS SECURE, ANONYMOUS AND CORRECTLY COUNTED. None of which the system can guarantee.

More pre-election fluff:

Arnprior EMC News - Town staff provide overview of electronic voting process Voting in municipal election runs from Oct. 18-25 - October 14, 2010

(Town clerk Jacquie Farrow-Lawrence), along with deputy-clerk Maureen Spratt, provided a demonstration of how the electronic voting system, provided by Intelivote System Inc., would work. She then explained the extensive publicity campaign that has gone into preparing the electorate for the new system.


"It is a secure process," Spratt explained as she proceeded to demonstrate voting by computer.

So first you pay the private company to use their Internet voting system (which turns out I guess to be a shared voting system), and then you pay to promote it to your citizens?

Plus which, define secure. Secure as in, it uses SSL? Secure as in you have a consultant report that says it's secure? Or secure as in you paid for a penetration test by computer security experts and they failed to compromise the system AND they failed to compromise the desktop endpoints that users voted? And you also paid business continuity experts to ensure it held up under denial of service AND network connection failure AND under high load?

People standing in a room counting paper is a highly resilient, low points of failure system.

Computer desktops + the entire Internet + server room(s) + the entire power grid + many many other technology elements is a many points of failure system.

Labels: , , ,

Comments: Post a Comment

Links to this post:

Create a Link

<- Older Posts - Newer Posts ->

This page is powered by Blogger. Isn't yours?